picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src/resolve
History
Lennart Poettering f6618dcd96 resolved: never store NSEC/NSEC3 RRs from the upper zone of a zone cut in cache 
When using NSEC/NSEC3 RRs from the cache to derive existance of arbitrary RRs, we should not get confused by the fact
that NSEC/NSEC3 RRs exist twice at zone cuts: once in the parent zone, and once in the child zone. For most RR types we
should only consult the latter since that's where the beef is. However, for DS lookups we have to check the former.

This change makes sure we never cache NSEC/NSEC3 RRs from any parent zone of a zone-cut. It also makes sure that when
we look for a DS RR in the cache we never consider any cached NSEC RR, as those are now always from the child zone.
 		2016-01-25 17:19:19 +01:00
..
.gitignore resolve: add more record types and convert to gperf table 2014-08-03 22:02:32 -04:00
Makefile resolved: add daemon to manage resolv.conf 2014-05-19 18:14:56 +02:00
RFCs resolved: update RFCs list and TODO list 2016-01-17 20:47:46 +01:00
dns-type.c resolved: move dns_type_to_af() to dns-type.c 2016-01-25 15:59:40 +01:00
dns-type.h resolved: move dns_type_to_af() to dns-type.c 2016-01-25 15:59:40 +01:00
org.freedesktop.resolve1.conf resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
org.freedesktop.resolve1.service resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
resolve-tool.c resolve: minor strings improvements 2016-01-25 17:19:18 +01:00
resolved-bus.c resolved: get rid of unnecessary if check 2016-01-25 15:59:40 +01:00
resolved-bus.h resolved: expose bus objects for each Link 2016-01-19 21:56:54 +01:00
resolved-conf.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved-conf.h resolved,networkd: unify ResolveSupport enum 2016-01-05 17:30:51 +01:00
resolved-def.h resolved: add packet header details for mDNS 2015-12-08 16:41:45 +01:00
resolved-dns-answer.c resolved: when we find a DNAME RR, don't insist in a signed CNAME RR 2016-01-17 21:50:10 +01:00
resolved-dns-answer.h resolved: when we find a DNAME RR, don't insist in a signed CNAME RR 2016-01-17 21:50:10 +01:00
resolved-dns-cache.c resolved: never store NSEC/NSEC3 RRs from the upper zone of a zone cut in cache 2016-01-25 17:19:19 +01:00
resolved-dns-cache.h resolved: when caching negative responses, honour NSEC/NSEC3 TTLs 2016-01-05 01:35:28 +01:00
resolved-dns-dnssec.c resolve: use different bitmap checking rules when we find an exact NSEC3 match, or just a covering enclosure 2016-01-25 17:19:18 +01:00
resolved-dns-dnssec.h resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds() 2016-01-17 20:47:45 +01:00
resolved-dns-packet.c resolved: fix RR key reduction logic 2016-01-25 15:59:39 +01:00
resolved-dns-packet.h resolved: fix mDNS IPv6 multicast address 2016-01-19 14:11:05 +01:00
resolved-dns-query.c resolved: split out RR synthesis logic into its own C file 2016-01-25 15:59:40 +01:00
resolved-dns-query.h resolved: rework IDNA logic 2016-01-18 23:31:16 +01:00
resolved-dns-question.c resolved: never consider following a CNAME/DNAME chain for a CNAME/DNAME lookup 2016-01-18 23:31:16 +01:00
resolved-dns-question.h resolved: never consider following a CNAME/DNAME chain for a CNAME/DNAME lookup 2016-01-18 23:31:16 +01:00
resolved-dns-rr.c resolved: try to reduce number or DnsResourceKeys we keep around by merging them 2016-01-17 20:47:46 +01:00
resolved-dns-rr.h resolved: try to reduce number or DnsResourceKeys we keep around by merging them 2016-01-17 20:47:46 +01:00
resolved-dns-scope.c resolve: generate a nice clean error when clients try to resolve a name when the network is down 2016-01-25 15:59:40 +01:00
resolved-dns-scope.h resolve: generate a nice clean error when clients try to resolve a name when the network is down 2016-01-25 15:59:40 +01:00
resolved-dns-search-domain.c dns-domain: simplify dns_name_is_root() and dns_name_is_single_label() 2015-11-25 22:00:07 +01:00
resolved-dns-search-domain.h resolved: fully support DNS search domains 2015-11-25 21:59:16 +01:00
resolved-dns-server.c resolved: don't forget about lost OPT and RRSIG when downgrading a feature level 2016-01-19 00:51:26 +01:00
resolved-dns-server.h resolved: downgrade server feature level more aggressively when we have reason to 2016-01-17 20:47:46 +01:00
resolved-dns-stream.c resolved: set a description on all our event sources 2016-01-11 19:39:59 +01:00
resolved-dns-stream.h remove unused includes 2015-02-23 23:53:42 +01:00
resolved-dns-synthesize.c resolved: split out RR synthesis logic into its own C file 2016-01-25 15:59:40 +01:00
resolved-dns-synthesize.h resolved: split out RR synthesis logic into its own C file 2016-01-25 15:59:40 +01:00
resolved-dns-transaction.c resolved: if we detect a message with incomplete DNSSEC data, consider this an invalid packet event 2016-01-25 17:19:19 +01:00
resolved-dns-transaction.h resolve: generate a nice clean error when clients try to resolve a name when the network is down 2016-01-25 15:59:40 +01:00
resolved-dns-trust-anchor.c resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds() 2016-01-17 20:47:45 +01:00
resolved-dns-trust-anchor.h resolved: when validating, first strip revoked trust anchor keys from validated keys list 2016-01-11 19:39:59 +01:00
resolved-dns-zone.c resolved: internalize string buffer of dns_resource_record_to_string() 2015-12-26 19:09:10 +01:00
resolved-dns-zone.h resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled 2015-12-10 11:35:52 +01:00
resolved-gperf.gperf resolved: remove configuration knobs for mDNS until it's ready 2016-01-19 14:11:05 +01:00
resolved-link-bus.c resolved: fix typo 2016-01-25 15:59:39 +01:00
resolved-link-bus.h resolved: add SetLinkXYZ() method counterparts on the Link object 2016-01-19 21:56:54 +01:00
resolved-link.c resolved: when checking whether a link is relevant, check kernel operstate 2016-01-25 15:59:40 +01:00
resolved-link.h resolved: when checking whether a link is relevant, check kernel operstate 2016-01-25 15:59:40 +01:00
resolved-llmnr.c resolved: set a description on all our event sources 2016-01-11 19:39:59 +01:00
resolved-llmnr.h resolved: use a #define for LLMNR port 2015-07-13 11:28:29 -04:00
resolved-manager.c resolved: rework DNSSECSupported property 2016-01-19 21:56:54 +01:00
resolved-manager.h resolved: rework DNSSECSupported property 2016-01-19 21:56:54 +01:00
resolved-mdns.c resolved,networkd: unify ResolveSupport enum 2016-01-05 17:30:51 +01:00
resolved-mdns.h resolved: add infrastructure for mDNS related sockets 2015-12-08 16:37:40 +01:00
resolved-resolv-conf.c resolved: cache formatted server string in DnsServer structure 2016-01-11 19:40:00 +01:00
resolved-resolv-conf.h resolved: split out all code dealing with /etc/resolv.conf into its own .c file 2015-11-25 21:58:37 +01:00
resolved.c resolved,networkd: add a per-interface DNSSEC setting 2016-01-05 20:10:31 +01:00
resolved.conf.in resolved: remove configuration knobs for mDNS until it's ready 2016-01-19 14:11:05 +01:00
test-dnssec-complex.c resolved: add DNAME test case to the complex DNSSEC test 2016-01-18 23:31:16 +01:00
test-dnssec.c resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds() 2016-01-17 20:47:45 +01:00